Content-Security-Policy-Report-Only | default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: *.ii.nl www.google-analytics.com ssl.google-analytics.com; manifest-src 'self'; media-src 'none'; object-src 'none'; report-uri /csp-report; script-src 'self' www.google-analytics.com ssl.google-analytics.com 'sha256-w18TazO40bmCsytuae4ckQtJHIIrv+R0BzgyJmnTGSU='; style-src 'unsafe-inline' 'self' |